Page 9 of 46 results (0.011 seconds)

CVSS: 9.8EPSS: 13%CPEs: 4EXPL: 0

The safe_eval function in Ansible before 1.6.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4657. La función safe_eval en Ansible versiones anteriores a 1.6.4, no restringe apropiadamente el subconjunto de códigos, lo que permite a atacantes remotos ejecutar código arbitrario por medio de instrucciones diseñadas. NOTA: esta vulnerabilidad se presenta debido a una corrección incompleta del CVE-2014-4657. • https://github.com/ansible/ansible/commit/5429b85b9f6c2e640074176f36ff05fd5e4d1916 https://groups.google.com/forum/message/raw?msg=ansible-announce/ieV1vZvcTXU/5Q93ThkY9rIJ https://security-tracker.debian.org/tracker/CVE-2014-4678 https://www.openwall.com/lists/oss-security/2014/06/26/30 https://www.openwall.com/lists/oss-security/2014/07/02/2 https://www.rapid7.com/db/vulnerabilities/freebsd-vid-2c493ac8-205e-11e5-a4a5-002590263bf5 https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2014-4678 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •

CVSS: 9.8EPSS: 3%CPEs: 1EXPL: 0

The safe_eval function in Ansible before 1.5.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions. La función safe_eval en Ansible versiones anteriores a 1.5.4, no restringe apropiadamente el subconjunto de código, lo que permite a atacantes remotos ejecutar código arbitrario por medio de instrucciones diseñadas. • https://github.com/ansible/ansible/blob/release1.5.5/CHANGELOG.md https://www.securityfocus.com/bid/68232 • CWE-20: Improper Input Validation •

CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0

Ansible before 1.6.7 does not prevent inventory data with "{{" and "lookup" substrings, and does not prevent remote data with "{{" substrings, which allows remote attackers to execute arbitrary code via (1) crafted lookup('pipe') calls or (2) crafted Jinja2 data. Ansible versiones anteriores a 1.6.7, no impide los datos de inventario con las subcadenas "{{" y "lookup", y no impide los datos remotos con las subcadenas "{{", lo que permite a atacantes remotos ejecutar código arbitrario por medio de (1) llamadas a lookup('pipe') diseñadas o (2) datos Jinja2 diseñados. • http://www.ocert.org/advisories/ocert-2014-004.html https://github.com/ansible/ansible/commit/62a1295a3e08cb6c3e9f1b2a1e6e5dcaeab32527 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

Multiple argument injection vulnerabilities in Ansible before 1.6.7 allow remote attackers to execute arbitrary code by leveraging access to an Ansible managed host and providing a crafted fact, as demonstrated by a fact with (1) a trailing " src=" clause, (2) a trailing " temp=" clause, or (3) a trailing " validate=" clause accompanied by a shell command. Múltiples vulnerabilidades de inyección de argumentos en Ansible versiones anteriores a 1.6.7, permiten a atacantes remotos ejecutar código arbitrario al aprovechar el acceso a un host administrado de Ansible y proporcionar un dato diseñado como es demostrado por un dato con (1) una cláusula "src=" al final, (2) una cláusula "temp=" al final, o (3) una cláusula "validate=" al final, acompañada de un comando de shell. • http://www.ocert.org/advisories/ocert-2014-004.html https://github.com/ansible/ansible/commit/62a1295a3e08cb6c3e9f1b2a1e6e5dcaeab32527 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •

CVSS: 1.9EPSS: 0%CPEs: 1EXPL: 0

runner/connection_plugins/ssh.py in Ansible before 1.2.3, when using ControlPersist, allows local users to redirect a ssh session via a symlink attack on a socket file with a predictable name in /tmp/. runner/connection_plugins/ssh.py en Ansible anteriores a v1.2.3 al usar ControlPersist, permite a usuarios locales redirigir una sesión ssh a través de un ataque de enlaces simbólicos sobre un archivo de socket con un nombre predecible en /tmp/. • http://www.ansible.com/security https://bugzilla.redhat.com/show_bug.cgi?id=998223 https://groups.google.com/forum/#%21topic/ansible-project/UVDYW0HGcNg • CWE-264: Permissions, Privileges, and Access Controls •